CVE vulnerabilities

31,467 CVEs indexed, newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries are marked with a rose pill. Authored by Adam Lundqvist.

Showing 351–400 of 1,619 in KEV (page 8 of 33)
| ID | Title | Flags | Vendor | Summary |
|---|---|---|---|---|
| CVE-2024-35250 | Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability | KEV | Microsoft | Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges. |
| CVE-2024-34102 | Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability | KEV | Adobe | Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code executi… |
| CVE-2024-3400 | Palo Alto Networks PAN-OS Command Injection Vulnerability | KEV | Palo Alto Networks | Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with roo… |
| CVE-2024-3393 | Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability | KEV | Palo Alto Networks | Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an una… |
| CVE-2024-32896 | Android Pixel Privilege Escalation Vulnerability | KEV | Android | Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation. |
| CVE-2024-3273 | D-Link Multiple NAS Devices Command Injection Vulnerability | KEV | D-Link | D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthor… |
| CVE-2024-3272 | D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability | KEV | D-Link | D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a hard-coded credential that allows an attacker to conduct authenticated command injection, leading t… |
| CVE-2024-32113 | Apache OFBiz Path Traversal Vulnerability | KEV | Apache | Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution. |
| CVE-2024-30088 | Microsoft Windows Kernel TOCTOU Race Condition Vulnerability | KEV | Microsoft | Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that could allow for privilege escalation. |
| CVE-2024-30051 | Microsoft DWM Core Library Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges. |
| CVE-2024-30040 | Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability | KEV | Microsoft | Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass. |
| CVE-2024-29988 | Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability | KEV | Microsoft | Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulner… |
| CVE-2024-29824 | Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability | KEV | Ivanti | Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute … |
| CVE-2024-29748 | Android Pixel Privilege Escalation Vulnerability | KEV | Android | Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app. |
| CVE-2024-29745 | Android Pixel Information Disclosure Vulnerability | KEV | Android | Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices. |
| CVE-2024-29059 | Microsoft .NET Framework Information Disclosure Vulnerability | KEV | Microsoft | Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution. |
| CVE-2024-28995 | SolarWinds Serv-U Path Traversal Vulnerability | KEV | SolarWinds | SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine. |
| CVE-2024-28987 | SolarWinds Web Help Desk Hardcoded Credential Vulnerability | KEV | SolarWinds | SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and mod… |
| CVE-2024-28986 | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | KEV | SolarWinds | SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution. |
| CVE-2024-27443 | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | KEV | Synacor | Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacke… |
| CVE-2024-27348 | Apache HugeGraph-Server Improper Access Control Vulnerability | KEV | Apache | Apache HugeGraph-Server contains an improper access control vulnerability that could allow a remote attacker to execute arbitrary code. |
| CVE-2024-27199 | JetBrains TeamCity Relative Path Traversal Vulnerability | KEV | JetBrains | JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed. |
| CVE-2024-27198 | JetBrains TeamCity Authentication Bypass Vulnerability | KEV | JetBrains | JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions. |
| CVE-2024-26169 | Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability | KEV | Microsoft | Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SY… |
| CVE-2024-24919 | Check Point Quantum Security Gateways Information Disclosure Vulnerability | KEV | Check Point | Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access i… |
| CVE-2024-23897 | Jenkins Command Line Interface (CLI) Path Traversal Vulnerability | KEV | Jenkins | Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code… |
| CVE-2024-23692 | Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability | KEV | Rejetto | Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated… |
| CVE-2024-23296 | Apple Multiple Products Memory Corruption Vulnerability | KEV | Apple | Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capabi… |
| CVE-2024-23225 | Apple Multiple Products Memory Corruption Vulnerability | KEV | Apple | Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and w… |
| CVE-2024-23222 | Apple Multiple Products WebKit Type Confusion Vulnerability | KEV | Apple | Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web c… |
| CVE-2024-23113 | Fortinet Multiple Products Format String Vulnerability | KEV | Fortinet | Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary … |
| CVE-2024-21893 | Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability | KEV | Ivanti | Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vuln… |
| CVE-2024-21887 | Ivanti Connect Secure and Policy Secure Command Injection Vulnerability | KEV | Ivanti | Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of… |
| CVE-2024-21762 | Fortinet FortiOS Out-of-Bound Write Vulnerability | KEV | Fortinet | Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted H… |
| CVE-2024-21413 | Microsoft Outlook Improper Input Validation Vulnerability | KEV | Microsoft | Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability woul… |
| CVE-2024-21412 | Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability | KEV | Microsoft | Microsoft Windows Internet Shortcut Files contain an unspecified vulnerability that allows for a security feature bypass. |
| CVE-2024-21410 | Microsoft Exchange Server Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2024-21351 | Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | KEV | Microsoft | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject cod… |
| CVE-2024-21338 | Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability | KEV | Microsoft | Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in app… |
| CVE-2024-21287 | Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability | KEV | Oracle | Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Developmen… |
| CVE-2024-21182 | Oracle WebLogic Server Unspecified Vulnerability | KEV, CVSS 7.5 | Oracle | Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLog… |
| CVE-2024-20953 | Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability | KEV | Oracle | Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to … |
| CVE-2024-20767 | Adobe ColdFusion Improper Access Control Vulnerability | KEV | Adobe | Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed ad… |
| CVE-2024-20481 | Cisco ASA and FTD Denial-of-Service Vulnerability | KEV | Cisco | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after effective lifetime vulnerability that co… |
| CVE-2024-20439 | Cisco Smart Licensing Utility Static Credential Vulnerability | KEV | Cisco | Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and ga… |
| CVE-2024-20399 | Cisco NX-OS Command Injection Vulnerability | KEV | Cisco | Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute command… |
| CVE-2024-20359 | Cisco ASA and FTD Privilege Escalation Vulnerability | KEV | Cisco | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalati… |
| CVE-2024-20353 | Cisco ASA and FTD Denial of Service Vulnerability | KEV | Cisco | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an infinite loop vulnerability that can lead to remote denial of service con… |
| CVE-2024-1709 | ConnectWise ScreenConnect Authentication Bypass Vulnerability | KEV | ConnectWise | ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a n… |
| CVE-2024-1708 | ConnectWise ScreenConnect Path Traversal Vulnerability | KEV | ConnectWise | ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and… |